Compare commits
No commits in common. "fe2960cdd8b39a97332d33c2ea9a73906f9e348c" and "95949729a45e2f62a8a784a18e5d9e7d8339d5d6" have entirely different histories.
fe2960cdd8
...
95949729a4
188
13/Dockerfile
188
13/Dockerfile
@ -1,188 +0,0 @@
|
|||||||
FROM harbor.dragse.it/base/alpine:3.15
|
|
||||||
|
|
||||||
RUN echo $'https://nexus.dragse.it/repository/apk-main/\nhttps://nexus.dragse.it/repository/apk-community/' > /etc/apk/repositories
|
|
||||||
|
|
||||||
|
|
||||||
# 70 is the standard uid/gid for "postgres" in Alpine
|
|
||||||
# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable
|
|
||||||
RUN set -eux; \
|
|
||||||
addgroup -g 70 -S postgres; \
|
|
||||||
adduser -u 70 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \
|
|
||||||
mkdir -p /var/lib/postgresql; \
|
|
||||||
chown -R postgres:postgres /var/lib/postgresql
|
|
||||||
|
|
||||||
# su-exec (gosu-compatible) is installed further down
|
|
||||||
|
|
||||||
# make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default
|
|
||||||
# alpine doesn't require explicit locale-file generation
|
|
||||||
ENV LANG en_US.utf8
|
|
||||||
|
|
||||||
RUN mkdir /docker-entrypoint-initdb.d
|
|
||||||
|
|
||||||
ENV PG_MAJOR 13
|
|
||||||
ENV PG_VERSION 13.5
|
|
||||||
ENV PG_SHA256 9b81067a55edbaabc418aacef457dd8477642827499560b00615a6ea6c13f6b3
|
|
||||||
|
|
||||||
RUN set -eux; \
|
|
||||||
\
|
|
||||||
wget -O postgresql.tar.bz2 "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2"; \
|
|
||||||
echo "$PG_SHA256 *postgresql.tar.bz2" | sha256sum -c -; \
|
|
||||||
mkdir -p /usr/src/postgresql; \
|
|
||||||
tar \
|
|
||||||
--extract \
|
|
||||||
--file postgresql.tar.bz2 \
|
|
||||||
--directory /usr/src/postgresql \
|
|
||||||
--strip-components 1 \
|
|
||||||
; \
|
|
||||||
rm postgresql.tar.bz2; \
|
|
||||||
\
|
|
||||||
apk add --no-cache --virtual .build-deps \
|
|
||||||
bison \
|
|
||||||
coreutils \
|
|
||||||
dpkg-dev dpkg \
|
|
||||||
flex \
|
|
||||||
gcc \
|
|
||||||
krb5-dev \
|
|
||||||
libc-dev \
|
|
||||||
libedit-dev \
|
|
||||||
libxml2-dev \
|
|
||||||
libxslt-dev \
|
|
||||||
linux-headers \
|
|
||||||
llvm-dev clang g++ \
|
|
||||||
make \
|
|
||||||
openldap-dev \
|
|
||||||
openssl-dev \
|
|
||||||
# configure: error: prove not found
|
|
||||||
perl-utils \
|
|
||||||
# configure: error: Perl module IPC::Run is required to run TAP tests
|
|
||||||
perl-ipc-run \
|
|
||||||
perl-dev \
|
|
||||||
python3-dev \
|
|
||||||
tcl-dev \
|
|
||||||
util-linux-dev \
|
|
||||||
zlib-dev \
|
|
||||||
# https://www.postgresql.org/docs/10/static/release-10.html#id-1.11.6.9.5.13
|
|
||||||
icu-dev \
|
|
||||||
; \
|
|
||||||
\
|
|
||||||
cd /usr/src/postgresql; \
|
|
||||||
# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian)
|
|
||||||
# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f
|
|
||||||
awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \
|
|
||||||
grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \
|
|
||||||
mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \
|
|
||||||
gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
|
|
||||||
# explicitly update autoconf config.guess and config.sub so they support more arches/libcs
|
|
||||||
wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \
|
|
||||||
wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \
|
|
||||||
# configure options taken from:
|
|
||||||
# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5
|
|
||||||
./configure \
|
|
||||||
--build="$gnuArch" \
|
|
||||||
# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'"
|
|
||||||
# --enable-nls \
|
|
||||||
--enable-integer-datetimes \
|
|
||||||
--enable-thread-safety \
|
|
||||||
--enable-tap-tests \
|
|
||||||
# skip debugging info -- we want tiny size instead
|
|
||||||
# --enable-debug \
|
|
||||||
--disable-rpath \
|
|
||||||
--with-uuid=e2fs \
|
|
||||||
--with-gnu-ld \
|
|
||||||
--with-pgport=5432 \
|
|
||||||
--with-system-tzdata=/usr/share/zoneinfo \
|
|
||||||
--prefix=/usr/local \
|
|
||||||
--with-includes=/usr/local/include \
|
|
||||||
--with-libraries=/usr/local/lib \
|
|
||||||
--with-krb5 \
|
|
||||||
--with-gssapi \
|
|
||||||
--with-ldap \
|
|
||||||
--with-tcl \
|
|
||||||
--with-perl \
|
|
||||||
--with-python \
|
|
||||||
# --with-pam \
|
|
||||||
--with-openssl \
|
|
||||||
--with-libxml \
|
|
||||||
--with-libxslt \
|
|
||||||
--with-icu \
|
|
||||||
--with-llvm \
|
|
||||||
; \
|
|
||||||
make -j "$(nproc)" world; \
|
|
||||||
make install-world; \
|
|
||||||
make -C contrib install; \
|
|
||||||
\
|
|
||||||
runDeps="$( \
|
|
||||||
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
|
|
||||||
| tr ',' '\n' \
|
|
||||||
| sort -u \
|
|
||||||
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
|
|
||||||
# Remove plperl, plpython and pltcl dependencies by default to save image size
|
|
||||||
# To use the pl extensions, those have to be installed in a derived image
|
|
||||||
| grep -v -e perl -e python -e tcl \
|
|
||||||
)"; \
|
|
||||||
apk add --no-cache --virtual .postgresql-rundeps \
|
|
||||||
$runDeps \
|
|
||||||
bash \
|
|
||||||
su-exec \
|
|
||||||
# tzdata is optional, but only adds around 1Mb to image size and is recommended by Django documentation:
|
|
||||||
# https://docs.djangoproject.com/en/1.10/ref/databases/#optimizing-postgresql-s-configuration
|
|
||||||
tzdata \
|
|
||||||
; \
|
|
||||||
apk del --no-network .build-deps; \
|
|
||||||
cd /; \
|
|
||||||
rm -rf \
|
|
||||||
/usr/src/postgresql \
|
|
||||||
/usr/local/share/doc \
|
|
||||||
/usr/local/share/man \
|
|
||||||
; \
|
|
||||||
\
|
|
||||||
postgres --version
|
|
||||||
|
|
||||||
# make the sample config easier to munge (and "correct by default")
|
|
||||||
RUN set -eux; \
|
|
||||||
cp -v /usr/local/share/postgresql/postgresql.conf.sample /usr/local/share/postgresql/postgresql.conf.sample.orig; \
|
|
||||||
sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/local/share/postgresql/postgresql.conf.sample; \
|
|
||||||
grep -F "listen_addresses = '*'" /usr/local/share/postgresql/postgresql.conf.sample
|
|
||||||
|
|
||||||
RUN mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
|
|
||||||
|
|
||||||
ENV PGDATA /var/lib/postgresql/data
|
|
||||||
# this 777 will be replaced by 700 at runtime (allows semi-arbitrary "--user" values)
|
|
||||||
RUN mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
|
|
||||||
VOLUME /var/lib/postgresql/data
|
|
||||||
|
|
||||||
COPY docker-entrypoint.sh /usr/local/bin/
|
|
||||||
ENTRYPOINT ["docker-entrypoint.sh"]
|
|
||||||
|
|
||||||
# We set the default STOPSIGNAL to SIGINT, which corresponds to what PostgreSQL
|
|
||||||
# calls "Fast Shutdown mode" wherein new connections are disallowed and any
|
|
||||||
# in-progress transactions are aborted, allowing PostgreSQL to stop cleanly and
|
|
||||||
# flush tables to disk, which is the best compromise available to avoid data
|
|
||||||
# corruption.
|
|
||||||
#
|
|
||||||
# Users who know their applications do not keep open long-lived idle connections
|
|
||||||
# may way to use a value of SIGTERM instead, which corresponds to "Smart
|
|
||||||
# Shutdown mode" in which any existing sessions are allowed to finish and the
|
|
||||||
# server stops when all sessions are terminated.
|
|
||||||
#
|
|
||||||
# See https://www.postgresql.org/docs/12/server-shutdown.html for more details
|
|
||||||
# about available PostgreSQL server shutdown signals.
|
|
||||||
#
|
|
||||||
# See also https://www.postgresql.org/docs/12/server-start.html for further
|
|
||||||
# justification of this as the default value, namely that the example (and
|
|
||||||
# shipped) systemd service files use the "Fast Shutdown mode" for service
|
|
||||||
# termination.
|
|
||||||
#
|
|
||||||
STOPSIGNAL SIGINT
|
|
||||||
#
|
|
||||||
# An additional setting that is recommended for all users regardless of this
|
|
||||||
# value is the runtime "--stop-timeout" (or your orchestrator/runtime's
|
|
||||||
# equivalent) for controlling how long to wait between sending the defined
|
|
||||||
# STOPSIGNAL and sending SIGKILL (which is likely to cause data corruption).
|
|
||||||
#
|
|
||||||
# The default in most runtimes (such as Docker) is 10 seconds, and the
|
|
||||||
# documentation at https://www.postgresql.org/docs/12/server-start.html notes
|
|
||||||
# that even 90 seconds may not be long enough in many instances.
|
|
||||||
|
|
||||||
EXPOSE 5432
|
|
||||||
CMD ["postgres"]
|
|
@ -1,342 +0,0 @@
|
|||||||
#!/usr/bin/env bash
|
|
||||||
set -Eeo pipefail
|
|
||||||
# TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables)
|
|
||||||
|
|
||||||
# usage: file_env VAR [DEFAULT]
|
|
||||||
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
|
|
||||||
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
|
|
||||||
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
|
|
||||||
file_env() {
|
|
||||||
local var="$1"
|
|
||||||
local fileVar="${var}_FILE"
|
|
||||||
local def="${2:-}"
|
|
||||||
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
|
|
||||||
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
local val="$def"
|
|
||||||
if [ "${!var:-}" ]; then
|
|
||||||
val="${!var}"
|
|
||||||
elif [ "${!fileVar:-}" ]; then
|
|
||||||
val="$(< "${!fileVar}")"
|
|
||||||
fi
|
|
||||||
export "$var"="$val"
|
|
||||||
unset "$fileVar"
|
|
||||||
}
|
|
||||||
|
|
||||||
# check to see if this file is being run or sourced from another script
|
|
||||||
_is_sourced() {
|
|
||||||
# https://unix.stackexchange.com/a/215279
|
|
||||||
[ "${#FUNCNAME[@]}" -ge 2 ] \
|
|
||||||
&& [ "${FUNCNAME[0]}" = '_is_sourced' ] \
|
|
||||||
&& [ "${FUNCNAME[1]}" = 'source' ]
|
|
||||||
}
|
|
||||||
|
|
||||||
# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user
|
|
||||||
docker_create_db_directories() {
|
|
||||||
local user; user="$(id -u)"
|
|
||||||
|
|
||||||
mkdir -p "$PGDATA"
|
|
||||||
# ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory)
|
|
||||||
chmod 700 "$PGDATA" || :
|
|
||||||
|
|
||||||
# ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289
|
|
||||||
mkdir -p /var/run/postgresql || :
|
|
||||||
chmod 775 /var/run/postgresql || :
|
|
||||||
|
|
||||||
# Create the transaction log directory before initdb is run so the directory is owned by the correct user
|
|
||||||
if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
|
|
||||||
mkdir -p "$POSTGRES_INITDB_WALDIR"
|
|
||||||
if [ "$user" = '0' ]; then
|
|
||||||
find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
|
|
||||||
fi
|
|
||||||
chmod 700 "$POSTGRES_INITDB_WALDIR"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# allow the container to be started with `--user`
|
|
||||||
if [ "$user" = '0' ]; then
|
|
||||||
find "$PGDATA" \! -user postgres -exec chown postgres '{}' +
|
|
||||||
find /var/run/postgresql \! -user postgres -exec chown postgres '{}' +
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
# initialize empty PGDATA directory with new database via 'initdb'
|
|
||||||
# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function
|
|
||||||
# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames
|
|
||||||
# this is also where the database user is created, specified by `POSTGRES_USER` env
|
|
||||||
docker_init_database_dir() {
|
|
||||||
# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
|
|
||||||
# see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
|
|
||||||
local uid; uid="$(id -u)"
|
|
||||||
if ! getent passwd "$uid" &> /dev/null; then
|
|
||||||
# see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15)
|
|
||||||
local wrapper
|
|
||||||
for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do
|
|
||||||
if [ -s "$wrapper" ]; then
|
|
||||||
NSS_WRAPPER_PASSWD="$(mktemp)"
|
|
||||||
NSS_WRAPPER_GROUP="$(mktemp)"
|
|
||||||
export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
|
|
||||||
local gid; gid="$(id -g)"
|
|
||||||
echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD"
|
|
||||||
echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP"
|
|
||||||
break
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -n "$POSTGRES_INITDB_WALDIR" ]; then
|
|
||||||
set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
|
|
||||||
fi
|
|
||||||
|
|
||||||
eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"'
|
|
||||||
|
|
||||||
# unset/cleanup "nss_wrapper" bits
|
|
||||||
if [ "${LD_PRELOAD:-}" = '/usr/lib/libnss_wrapper.so' ]; then
|
|
||||||
rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
|
|
||||||
unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
# print large warning if POSTGRES_PASSWORD is long
|
|
||||||
# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust'
|
|
||||||
# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
|
|
||||||
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
|
|
||||||
docker_verify_minimum_env() {
|
|
||||||
# check password first so we can output the warning before postgres
|
|
||||||
# messes it up
|
|
||||||
if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then
|
|
||||||
cat >&2 <<-'EOWARN'
|
|
||||||
WARNING: The supplied POSTGRES_PASSWORD is 100+ characters.
|
|
||||||
This will not work if used via PGPASSWORD with "psql".
|
|
||||||
https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412)
|
|
||||||
https://github.com/docker-library/postgres/issues/507
|
|
||||||
EOWARN
|
|
||||||
fi
|
|
||||||
if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then
|
|
||||||
# The - option suppresses leading tabs but *not* spaces. :)
|
|
||||||
cat >&2 <<-'EOE'
|
|
||||||
Error: Database is uninitialized and superuser password is not specified.
|
|
||||||
You must specify POSTGRES_PASSWORD to a non-empty value for the
|
|
||||||
superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run".
|
|
||||||
You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all
|
|
||||||
connections without a password. This is *not* recommended.
|
|
||||||
See PostgreSQL documentation about "trust":
|
|
||||||
https://www.postgresql.org/docs/current/auth-trust.html
|
|
||||||
EOE
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
|
|
||||||
cat >&2 <<-'EOWARN'
|
|
||||||
********************************************************************************
|
|
||||||
WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
|
|
||||||
anyone with access to the Postgres port to access your database without
|
|
||||||
a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
|
|
||||||
documentation about "trust":
|
|
||||||
https://www.postgresql.org/docs/current/auth-trust.html
|
|
||||||
In Docker's default configuration, this is effectively any other
|
|
||||||
container on the same system.
|
|
||||||
It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
|
|
||||||
it with "-e POSTGRES_PASSWORD=password" instead to set a password in
|
|
||||||
"docker run".
|
|
||||||
********************************************************************************
|
|
||||||
EOWARN
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
# usage: docker_process_init_files [file [file [...]]]
|
|
||||||
# ie: docker_process_init_files /always-initdb.d/*
|
|
||||||
# process initializer files, based on file extensions and permissions
|
|
||||||
docker_process_init_files() {
|
|
||||||
# psql here for backwards compatibility "${psql[@]}"
|
|
||||||
psql=( docker_process_sql )
|
|
||||||
|
|
||||||
echo
|
|
||||||
local f
|
|
||||||
for f; do
|
|
||||||
case "$f" in
|
|
||||||
*.sh)
|
|
||||||
# https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
|
|
||||||
# https://github.com/docker-library/postgres/pull/452
|
|
||||||
if [ -x "$f" ]; then
|
|
||||||
echo "$0: running $f"
|
|
||||||
"$f"
|
|
||||||
else
|
|
||||||
echo "$0: sourcing $f"
|
|
||||||
. "$f"
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
*.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;;
|
|
||||||
*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;;
|
|
||||||
*.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;;
|
|
||||||
*) echo "$0: ignoring $f" ;;
|
|
||||||
esac
|
|
||||||
echo
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
# Execute sql script, passed via stdin (or -f flag of pqsl)
|
|
||||||
# usage: docker_process_sql [psql-cli-args]
|
|
||||||
# ie: docker_process_sql --dbname=mydb <<<'INSERT ...'
|
|
||||||
# ie: docker_process_sql -f my-file.sql
|
|
||||||
# ie: docker_process_sql <my-file.sql
|
|
||||||
docker_process_sql() {
|
|
||||||
local query_runner=( psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --no-password --no-psqlrc )
|
|
||||||
if [ -n "$POSTGRES_DB" ]; then
|
|
||||||
query_runner+=( --dbname "$POSTGRES_DB" )
|
|
||||||
fi
|
|
||||||
|
|
||||||
PGHOST= PGHOSTADDR= "${query_runner[@]}" "$@"
|
|
||||||
}
|
|
||||||
|
|
||||||
# create initial database
|
|
||||||
# uses environment variables for input: POSTGRES_DB
|
|
||||||
docker_setup_db() {
|
|
||||||
local dbAlreadyExists
|
|
||||||
dbAlreadyExists="$(
|
|
||||||
POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" --tuples-only <<-'EOSQL'
|
|
||||||
SELECT 1 FROM pg_database WHERE datname = :'db' ;
|
|
||||||
EOSQL
|
|
||||||
)"
|
|
||||||
if [ -z "$dbAlreadyExists" ]; then
|
|
||||||
POSTGRES_DB= docker_process_sql --dbname postgres --set db="$POSTGRES_DB" <<-'EOSQL'
|
|
||||||
CREATE DATABASE :"db" ;
|
|
||||||
EOSQL
|
|
||||||
echo
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
# Loads various settings that are used elsewhere in the script
|
|
||||||
# This should be called before any other functions
|
|
||||||
docker_setup_env() {
|
|
||||||
file_env 'POSTGRES_PASSWORD'
|
|
||||||
|
|
||||||
file_env 'POSTGRES_USER' 'postgres'
|
|
||||||
file_env 'POSTGRES_DB' "$POSTGRES_USER"
|
|
||||||
file_env 'POSTGRES_INITDB_ARGS'
|
|
||||||
: "${POSTGRES_HOST_AUTH_METHOD:=}"
|
|
||||||
|
|
||||||
declare -g DATABASE_ALREADY_EXISTS
|
|
||||||
# look specifically for PG_VERSION, as it is expected in the DB dir
|
|
||||||
if [ -s "$PGDATA/PG_VERSION" ]; then
|
|
||||||
DATABASE_ALREADY_EXISTS='true'
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
# append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
|
|
||||||
# all arguments will be passed along as arguments to `postgres` for getting the value of 'password_encryption'
|
|
||||||
pg_setup_hba_conf() {
|
|
||||||
# default authentication method is md5 on versions before 14
|
|
||||||
# https://www.postgresql.org/about/news/postgresql-14-released-2318/
|
|
||||||
if [ "$1" = 'postgres' ]; then
|
|
||||||
shift
|
|
||||||
fi
|
|
||||||
local auth
|
|
||||||
# check the default/configured encryption and use that as the auth method
|
|
||||||
auth="$(postgres -C password_encryption "$@")"
|
|
||||||
# postgres 9 only reports "on" and not "md5"
|
|
||||||
if [ "$auth" = 'on' ]; then
|
|
||||||
auth='md5'
|
|
||||||
fi
|
|
||||||
: "${POSTGRES_HOST_AUTH_METHOD:=$auth}"
|
|
||||||
{
|
|
||||||
echo
|
|
||||||
if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then
|
|
||||||
echo '# warning trust is enabled for all connections'
|
|
||||||
echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
|
|
||||||
fi
|
|
||||||
echo "host all all all $POSTGRES_HOST_AUTH_METHOD"
|
|
||||||
} >> "$PGDATA/pg_hba.conf"
|
|
||||||
}
|
|
||||||
|
|
||||||
# start socket-only postgresql server for setting up or running scripts
|
|
||||||
# all arguments will be passed along as arguments to `postgres` (via pg_ctl)
|
|
||||||
docker_temp_server_start() {
|
|
||||||
if [ "$1" = 'postgres' ]; then
|
|
||||||
shift
|
|
||||||
fi
|
|
||||||
|
|
||||||
# internal start of server in order to allow setup using psql client
|
|
||||||
# does not listen on external TCP/IP and waits until start finishes
|
|
||||||
set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}"
|
|
||||||
|
|
||||||
PGUSER="${PGUSER:-$POSTGRES_USER}" \
|
|
||||||
pg_ctl -D "$PGDATA" \
|
|
||||||
-o "$(printf '%q ' "$@")" \
|
|
||||||
-w start
|
|
||||||
}
|
|
||||||
|
|
||||||
# stop postgresql server after done setting up user and running scripts
|
|
||||||
docker_temp_server_stop() {
|
|
||||||
PGUSER="${PGUSER:-postgres}" \
|
|
||||||
pg_ctl -D "$PGDATA" -m fast -w stop
|
|
||||||
}
|
|
||||||
|
|
||||||
# check arguments for an option that would cause postgres to stop
|
|
||||||
# return true if there is one
|
|
||||||
_pg_want_help() {
|
|
||||||
local arg
|
|
||||||
for arg; do
|
|
||||||
case "$arg" in
|
|
||||||
# postgres --help | grep 'then exit'
|
|
||||||
# leaving out -C on purpose since it always fails and is unhelpful:
|
|
||||||
# postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory
|
|
||||||
-'?'|--help|--describe-config|-V|--version)
|
|
||||||
return 0
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
return 1
|
|
||||||
}
|
|
||||||
|
|
||||||
_main() {
|
|
||||||
# if first arg looks like a flag, assume we want to run postgres server
|
|
||||||
if [ "${1:0:1}" = '-' ]; then
|
|
||||||
set -- postgres "$@"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "$1" = 'postgres' ] && ! _pg_want_help "$@"; then
|
|
||||||
docker_setup_env
|
|
||||||
# setup data directories and permissions (when run as root)
|
|
||||||
docker_create_db_directories
|
|
||||||
if [ "$(id -u)" = '0' ]; then
|
|
||||||
# then restart script as postgres user
|
|
||||||
exec su-exec postgres "$BASH_SOURCE" "$@"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# only run initialization on an empty data directory
|
|
||||||
if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
|
|
||||||
docker_verify_minimum_env
|
|
||||||
|
|
||||||
# check dir permissions to reduce likelihood of half-initialized database
|
|
||||||
ls /docker-entrypoint-initdb.d/ > /dev/null
|
|
||||||
|
|
||||||
docker_init_database_dir
|
|
||||||
pg_setup_hba_conf "$@"
|
|
||||||
|
|
||||||
# PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
|
|
||||||
# e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
|
|
||||||
export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
|
|
||||||
docker_temp_server_start "$@"
|
|
||||||
|
|
||||||
docker_setup_db
|
|
||||||
docker_process_init_files /docker-entrypoint-initdb.d/*
|
|
||||||
|
|
||||||
docker_temp_server_stop
|
|
||||||
unset PGPASSWORD
|
|
||||||
|
|
||||||
echo
|
|
||||||
echo 'PostgreSQL init process complete; ready for start up.'
|
|
||||||
echo
|
|
||||||
else
|
|
||||||
echo
|
|
||||||
echo 'PostgreSQL Database directory appears to contain a database; Skipping initialization'
|
|
||||||
echo
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
exec "$@"
|
|
||||||
}
|
|
||||||
|
|
||||||
if ! _is_sourced; then
|
|
||||||
_main "$@"
|
|
||||||
fi
|
|
@ -1,7 +1,5 @@
|
|||||||
FROM harbor.dragse.it/base/alpine:3.15
|
FROM harbor.dragse.it/base/alpine:3.15
|
||||||
|
|
||||||
RUN echo $'https://nexus.dragse.it/repository/apk-main/\nhttps://nexus.dragse.it/repository/apk-community/' > /etc/apk/repositories
|
|
||||||
|
|
||||||
# 70 is the standard uid/gid for "postgres" in Alpine
|
# 70 is the standard uid/gid for "postgres" in Alpine
|
||||||
# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable
|
# https://git.alpinelinux.org/aports/tree/main/postgresql/postgresql.pre-install?h=3.12-stable
|
||||||
RUN set -eux; \
|
RUN set -eux; \
|
||||||
|
69
drone.yaml
69
drone.yaml
@ -1,69 +0,0 @@
|
|||||||
kind: pipeline
|
|
||||||
name: build
|
|
||||||
type: kubernetes
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: docker_postgres_13
|
|
||||||
image: plugins/docker
|
|
||||||
settings:
|
|
||||||
dockerfile: 13/Dockerfile
|
|
||||||
registry: repo.dragse.de
|
|
||||||
repo: harbor.dragse.it/base/postgres
|
|
||||||
tags:
|
|
||||||
- "1.13"
|
|
||||||
- "1.13.5"
|
|
||||||
username:
|
|
||||||
from_secret: docker_username
|
|
||||||
password:
|
|
||||||
from_secret: docker_password
|
|
||||||
- name: docker_postgres_14
|
|
||||||
image: plugins/docker
|
|
||||||
settings:
|
|
||||||
dockerfile: 14/Dockerfile
|
|
||||||
registry: repo.dragse.de
|
|
||||||
repo: harbor.dragse.it/base/postgres
|
|
||||||
tags:
|
|
||||||
- "1.14"
|
|
||||||
- "1.14.1"
|
|
||||||
- "latest"
|
|
||||||
username:
|
|
||||||
from_secret: docker_username
|
|
||||||
password:
|
|
||||||
from_secret: docker_password
|
|
||||||
- name: send telegram notification
|
|
||||||
image: appleboy/drone-telegram
|
|
||||||
settings:
|
|
||||||
token:
|
|
||||||
from_secret: tele_token
|
|
||||||
to:
|
|
||||||
from_secret: tele_user
|
|
||||||
depends_on:
|
|
||||||
- docker_postgres_13
|
|
||||||
- docker_postgres_14
|
|
||||||
|
|
||||||
|
|
||||||
---
|
|
||||||
kind: secret
|
|
||||||
name: repo_username
|
|
||||||
get:
|
|
||||||
path: repo-credentials
|
|
||||||
name: username
|
|
||||||
---
|
|
||||||
kind: secret
|
|
||||||
name: repo_password
|
|
||||||
get:
|
|
||||||
path: repo-credentials
|
|
||||||
name: password
|
|
||||||
|
|
||||||
---
|
|
||||||
kind: secret
|
|
||||||
name: tele_user
|
|
||||||
get:
|
|
||||||
path: telegram-notification
|
|
||||||
name: user_id
|
|
||||||
---
|
|
||||||
kind: secret
|
|
||||||
name: tele_token
|
|
||||||
get:
|
|
||||||
path: telegram-notification
|
|
||||||
name: token
|
|
Loading…
Reference in New Issue
Block a user